Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/M3_GZcVdFB-kUlBz3CbzHEwugOo.roa
File:                     M3_GZcVdFB-kUlBz3CbzHEwugOo.roa (raw, json)
Hash identifier:          RVTdHVmgLYKRoXRwHS2aSD1uxSSdaXu0WilfMzCHLdQ=
Subject key identifier:   33:7F:C6:65:C5:5D:14:1F:A4:52:50:73:DC:26:F3:1C:4C:2E:80:EA
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019420D619339F385D7E3F54491F3655E6C5
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/M3_GZcVdFB-kUlBz3CbzHEwugOo.roa
Signing time:             Wed 01 Jan 2025 07:48:09 +0000
ROA not before:           Wed 01 Jan 2025 07:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56746
IP address blocks:        2a05:b680:100::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:19:33:9f:38:5d:7e:3f:54:49:1f:36:55:e6:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  1 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=337fc665c55d141fa4525073dc26f31c4c2e80ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:42:ab:60:a3:fb:eb:d0:32:88:c7:aa:7f:ea:
                    21:93:a1:9c:cf:6d:a9:47:ef:bb:e6:bf:4b:df:cd:
                    8c:54:0d:dd:b3:01:6d:5f:78:8f:c6:c8:80:68:7d:
                    6e:94:22:5c:41:ef:31:6e:62:44:34:c6:50:12:6c:
                    3f:1d:fe:79:c2:c2:82:bd:17:2a:90:67:4e:2e:bc:
                    7a:3b:b7:00:3f:64:b0:c5:a8:7d:11:69:9f:35:f8:
                    25:85:e2:ae:ef:7e:59:1b:bb:73:0d:60:90:fd:4a:
                    b6:11:28:7f:42:67:65:3f:66:b0:9a:0d:a9:69:1a:
                    55:97:88:e9:c7:09:c2:9f:e7:85:1f:88:8f:bc:51:
                    23:f8:b8:81:29:3a:e8:de:6e:96:d7:14:76:b4:86:
                    c9:a4:9f:a6:eb:87:ca:c7:4e:ad:b9:47:94:e2:a1:
                    12:6b:03:a2:45:32:fd:a1:36:07:ca:85:b1:67:63:
                    a2:95:f8:af:85:8c:40:8b:b3:fd:c7:e7:f9:d9:a9:
                    13:08:ee:3e:db:d1:69:6f:0f:5e:ec:30:43:2e:4f:
                    31:e1:ad:74:50:d0:41:a2:32:f8:89:47:44:45:61:
                    23:52:95:36:ee:e1:2e:71:ab:7f:5f:ae:ea:fa:a6:
                    b2:aa:d0:c6:2d:42:21:31:98:5a:61:08:65:db:94:
                    c6:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7F:C6:65:C5:5D:14:1F:A4:52:50:73:DC:26:F3:1C:4C:2E:80:EA
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/M3_GZcVdFB-kUlBz3CbzHEwugOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b680:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         2c:5c:8a:c7:76:bb:eb:7b:ad:27:7e:36:df:de:62:f8:de:46:
         85:97:dd:b8:f5:bd:e4:de:a0:c3:72:4e:46:78:31:51:60:c7:
         cc:70:02:da:b7:8a:64:40:da:96:72:31:60:b1:ed:b2:24:1f:
         52:eb:26:8f:d5:5e:27:b0:74:16:0f:77:0e:1a:1c:51:c2:56:
         01:ce:e8:b8:96:db:7a:d7:70:80:f9:4d:17:39:81:e6:cf:d3:
         f1:15:b6:49:c3:e2:e6:c7:a5:be:9a:c4:55:af:62:3c:2c:bc:
         18:95:87:74:04:44:ba:cd:80:61:91:5a:10:b1:37:13:78:8a:
         bb:36:c9:8b:0b:83:49:6b:81:03:55:86:d8:22:9d:fc:4b:bb:
         ed:02:6e:80:8d:06:c7:fa:e6:8a:04:c5:f6:12:a7:6d:ac:de:
         ef:c0:12:48:69:88:7d:17:5f:a1:90:8b:d5:41:f5:81:0b:a8:
         04:9a:f3:8b:ce:36:9a:a5:c0:c0:00:13:60:91:6f:e4:82:28:
         33:45:c0:0a:2d:45:f4:44:5b:6c:29:ee:38:55:8c:30:da:ce:
         16:21:f2:8d:10:37:7f:9b:00:74:e7:f0:cd:0c:0f:dc:8a:51:
         b2:a8:70:e5:c9:32:e2:7d:a8:6a:5b:bb:c7:23:b2:71:1a:56:
         e5:45:a3:78
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQg1hkznzhdfj9USR82VebFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjUwMTAxMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdmYzY2NWM1NWQxNDFmYTQ1MjUwNzNkYzI2ZjMxYzRjMmU4MGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0KrYKP769AyiMeqf+ohk6Gcz22p
R++75r9L382MVA3dswFtX3iPxsiAaH1ulCJcQe8xbmJENMZQEmw/Hf55wsKCvRcq
kGdOLrx6O7cAP2Swxah9EWmfNfglheKu735ZG7tzDWCQ/Uq2ESh/QmdlP2awmg2p
aRpVl4jpxwnCn+eFH4iPvFEj+LiBKTro3m6W1xR2tIbJpJ+m64fKx06tuUeU4qES
awOiRTL9oTYHyoWxZ2OilfivhYxAi7P9x+f52akTCO4+29Fpbw9e7DBDLk8x4a10
UNBBojL4iUdERWEjUpU27uEucat/X67q+qayqtDGLUIhMZhaYQhl25TG5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDN/xmXFXRQfpFJQc9wm8xxMLoDqMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvTTNfR1pjVmRGQi1rVWxCejNDYnpIRXd1Z09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgW2gAEw
DQYJKoZIhvcNAQELBQADggEBACxcisd2u+t7rSd+Nt/eYvjeRoWX3bj1veTeoMNy
TkZ4MVFgx8xwAtq3imRA2pZyMWCx7bIkH1LrJo/VXiewdBYPdw4aHFHCVgHO6LiW
23rXcID5TRc5gebP0/EVtknD4ubHpb6axFWvYjwsvBiVh3QERLrNgGGRWhCxNxN4
irs2yYsLg0lrgQNVhtginfxLu+0CboCNBsf65ooExfYSp22s3u/AEkhpiH0XX6GQ
i9VB9YELqASa84vONpqlwMAAE2CRb+SCKDNFwAotRfREW2wp7jhVjDDazhYh8o0Q
N3+bAHTn8M0MD9yKUbKocOXJMuJ9qGpbu8cjsnEaVuVFo3g=
-----END CERTIFICATE-----